XG135 (SFOS 16.01.2) is blocking unknown protocol traffic by default

Hi,

Currently my device XG-135 is running on V16.01.2, and it is weird to see that it is blocking unknown protocol traffic, although the "Block unrecognized SSL protocol" option is disabled under Web --> Protection. Screenshots below for reference.


Please suggest how to resolve this issue. There was no such issue on V15 and V16; it all began after 16.01.2.

  • I have been receiving that error for sometime before the current XG version was released.

    If it is blocked it must be known protocol to block it, so how can it be an unknown protocol? Pity the error doesn't provide more details about the unknown protocol so you can locate the source or destination.

  • Hi Sachin,

    Yes, it is a particular website, i.e. that of our organization, with server IP 220.227.24.121. It is being blocked, although all the site URLs pertaining to our organization are added under the exception, but I don't know why there is such an issue.

    Please suggest.


    Thanks,

    Kumar 

  • Hi Kumar,

    DM me the URL and a screenshot of the block or error page that you receive. Show me a picture of HTTPS exception policy and the configured URL(s).

    Thanks

  • Hi Kumar,

    Thanks for all the information you DM'ed me. I see in the packet inspector tool that the website is hosted on a particular IP address, which is not "220.227.24.121". Next, in the web filter category here, add basic domains like lntecc.com instead of www.lntecc.com, and alongside that, in the keyword section, add a few keywords in the manner below:

    lntecc, ltindia, larsentoubro, ecampus, etc.

    I see from the packet inspector that the request on www.lntecc.com is communicated on port 80 but, the request for www.lntecc.com/eiplogin.aspx is then generated on port 443. This shouldn't be an issue if all the service ports are allowed through the firewall rule.

    I would recommend you configure a FW rule at the TOP, where the destination network is the IP address I will DM you.

    Next, keep the web filter and application filter set to "None" and the primary gateway set to a specific ISP, not load balanced.

    Hope that helps.